Apple’s Activation Lock Website Was Being Used by Hackers to Unlock Devices

We reported this morning that Apple had removed their Activation Lock status checker page from their website. The website was designed to allow users to check to see if a used iOS device they were purchasing was secured with Activation Lock. This allowed buyers of used devices to tell if a device was locked to another user’s account, meaning it had possibly been lost or stolen.

It turns out the likely reason the website was taken down was because it was being used by hackers as part of a bypass hack used to unlock devices locked by Activation Lock.

The process is demonstrated in the video below. By changing one or two characters of an invalid serial number, hackers are able to generate a valid serial number, using the Activation Lock tool for verification purposes to make sure it’s functional. That valid number, which belongs to a legitimate device owner, can then be used to unlock a previously non-functional iPhone or iPad.

Activation Lock website verification starts at 5:25 in the video

The Activation Lock hack basically steals valid serial numbers from existing iOS device owners, which may help explain why iOS device owners have reported new or recently restored devices becoming inexplicably locked to another Apple ID. The problem has plagued iPhone 6s, 6s Plus, 7, and 7 Plus owners since September and can only be fixed by Apple.

Apple hasn’t confirmed any of this, but it is a valid theory since the hack uses valid serial numbers from other owners. We’ll keep our ears open and let you know if Apple confirms this.

MacTrast Senior Editor, and self-described “magnificent bastard,” Chris Hauk owns Phoenix Rising Services and writes for everyone’s favorite “bad movie” website, Big Bad Drive-In. He lives somewhere in the deep Southern part of America. Yes, he has to pump in both sunshine and the Internet.